1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
/** @file
This is the main DXE file for TXT. It represents an abstract outline of the
steps required during DXE for enabling TXT. Each individual step is further
abstracted behind a function call interface. This is intended to minimize
the need to modify this file when porting TXT to future platforms.
@copyright
Copyright (c) 1999 - 2012 Intel Corporation. All rights reserved
This software and associated documentation (if any) is furnished
under a license and may only be used or copied in accordance
with the terms of the license. Except as permitted by such
license, no part of this software or documentation may be
reproduced, stored in a retrieval system, or transmitted in any
form or by any means without the express written consent of
Intel Corporation.
This file contains an 'Intel Peripheral Driver' and uniquely
identified as "Intel Reference Module" and is
licensed for Intel CPUs and chipsets under the terms of your
license agreement with Intel or your vendor. This file may
be modified by the user, subject to additional terms of the
license agreement
**/
///
/// External include files do NOT need to be explicitly specified in real EDKII
/// environment
///
#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
#include "EdkIIGlueDxe.h"
#include "Txt.h"
#include "TxtDxeLib.h"
#endif
TXT_DXE_LIB_CONTEXT mTxtDxeCtx;
/**
This function gets registered as a callback to run the SCHECK function
from the TXT BIOS ACM as a result of Boot Events.
@param[in] Event - A pointer to the Event that triggered the callback.
@param[in] Context - A pointer to private data registered with the callback function.
@retval EFI_SUCCESS - Always.
**/
EFI_STATUS
EFIAPI
ScheckCallback (
IN EFI_EVENT Event,
IN VOID *Context
)
{
DEBUG ((EFI_D_INFO, "TXTDXE::Running of DoScheck\n"));
DoScheck (&mTxtDxeCtx);
///
/// Closed the event to avoid call twice when launch shell
///
gBS->CloseEvent (Event);
return EFI_SUCCESS;
}
/**
This is the entry point to the TXT DXE Driver. This routine checks to see if
the platform should be configured for TXT and if so, configures the platform
by reserving and initializing TXT Configuration Space and TXT Device Memory and
registering a callback to run SCHECK from the TXT BIOS ACM prior to boot.
If the platform should not be configured for TXT, this routine checks the
establishment bit in the TPM and resets it if it is asserted.
@param[in] ImageHandle - A handle for this module
@param[in] SystemTable - A pointer to the EFI System Table
@retval EFI_SUCCESS - If TXT initialization succeed
@retval EFI_UNLOAD_IMAGE - If TXT criterias are not met
**/
EFI_STATUS
EFIAPI
DriverEntry (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_EVENT ReadyToBootEvent;
///
/// Initialize the platform specific code
///
Status = InitializeTxtDxeLib (ImageHandle, SystemTable, &mTxtDxeCtx);
///
/// If failure - assume TXT is not enabled
///
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "TXTDXE::InitializeTxtDxeLib failed.... Unloading\n"));
return EFI_UNLOAD_IMAGE;
}
///
/// If ESTS.TXTRESET bit is set, skip all other functions since
/// attempt to execute GETSEC will hang system. Skipping allows to
/// boot to OS and let MLE assess situation.
///
if (IsTxtResetSet (&mTxtDxeCtx)) {
DEBUG ((EFI_D_ERROR, "TXTDXE::TXT_RESET bit is set.... Unloading\n"));
return EFI_UNLOAD_IMAGE;
}
///
/// If TXT is enabled, configure platform appropriately.
/// Code assumes that if TXT is enabled by CPU driver than all checks
/// are passed, i.e. TPM is present, CPU and CS are TXT capable.
///
///
/// Add to check CPU TXT capable in case CPU drivers do not check additional requirements
///
if ((mTxtDxeCtx.TxtInfoData->ChipsetIsTxtCapable) && IsTxtProcessor () && IsTxtEnabled (&mTxtDxeCtx)) {
DEBUG ((EFI_D_INFO, "TXTDXE::TXT Enabled\n"));
///
/// Mark TXT Config Space as System Reserved in Memory Map
///
ReserveTxtConfigSpace (&mTxtDxeCtx);
///
/// Allocate and Initialize TXT Device Memory
///
Status = SetupTxtDeviceMemory (&mTxtDxeCtx);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "TXTDXE::SetupTxtDeviceMemory failed.... Unloading\n"));
return EFI_UNLOAD_IMAGE;
}
///
/// Create callback to run SCHECK on a Legacy Boot event
///
Status = EfiCreateEventReadyToBootEx (
EFI_TPL_CALLBACK,
ScheckCallback,
NULL,
&ReadyToBootEvent
);
ASSERT_EFI_ERROR (Status);
} else {
///
/// TXT is not enabled, so make sure TPM Establishment
/// bit is de-asserted
///
DEBUG ((EFI_D_INFO, "TXTDXE::TXT Disabled\n"));
if (IsTxtEstablished (&mTxtDxeCtx)) {
///
/// We can invoke BIOS ACM function only if CS and CPU are TXT
/// capable
///
if ((mTxtDxeCtx.TxtInfoData->ChipsetIsTxtCapable) &&
IsTxtProcessor () &&
!(mTxtDxeCtx.TxtInfoData->Flags & TPM_INIT_FAILED)
) {
DEBUG ((EFI_D_INFO, "TXTDXE::Resetting TPM Establishment bit\n"));
ResetTpmEstBit (&mTxtDxeCtx);
}
}
///
/// Reset AUX
///
Status = ResetTpmAux (&mTxtDxeCtx);
ASSERT_EFI_ERROR (Status);
}
return EFI_SUCCESS;
}
|
